US Congressional Hearing Features Hikvision

By: John Honovich, Published on Jan 31, 2018

A US Congressional hearing asked questions about Hikvision's government ownership and cybersecurity issues, following the WSJ's investigations into Hikvision.

Plus, Hikvision has issued a 'special bulletin' response to their dealers.

In this note, we examine the US Congressional hearing, share key clips from it, review Hikvision's response and the outlook going forward.

US Congressional *******

*** ** ************* ********* ** Small ******** **** * hearing ****** "***** ******** Information *******: ********* ******* Cyber *******" [**** ** longer *********] ** ******* 30th.

*** ******** ** *** Committee **** *** ******* remarks ** **** *** 'foreign *** ******' *** Hikvision:

** *** *&*, *** Chairman **** ***** ********* about *********'* ******* ********** ownership *** ************* ****** to ***:

******* *-**** ******* ***** recording** ******** *****:

Response - "********* ************ ******** ***** *******"

********* **** ******* '******* bulletin' ***** ***** *** same *** ****** "********* ************ Supports ***** *******":

*********'* ***** ******* *** Committee's ******** ** *********'* government *********, ****** ******** on ******* **** ** protect ******* ***** ******* and ***************.

Good *** *********

*** **** **** *** Hikvision ********:

  • **** *** ********* ******** brought ** *********. *** other officials *** ***.
  • *** ******** *** ********* on ********* **** ******* and *** *** **** or ***** *** **** details.
  • **** *** ** *** Small ******** ********* ****** than ******* ** ********-******* **** which ***** ***** **** problems *** *********.

Bad *** *********

*** *** **** ** that ***********, *** *** FBI (**** **********) **** talking ***** *********. *** more ********* ** *********'* obvious ******* ********** *******, the **** **** *** Hikvision's ****** ******* ** the ****** ******

*******

 

*** *** ****** ** what ******* ****. ** this ** ****** *** Congressman ****** ** **** a ***** *** ** one **** ** ** cares, **** ***** **** into * **** *** Hikvision. *******, ** **** US ********** ********* ***** ***** Hikvision *** *** ******* it ***** ** *** US, **** ***** ** the ********* ** * major ******* *** *** Chinese **********-***** *******. **** will ****.

Comments (9)

IPVM, great job covering topics that are important to our industry.

Before I comment any further, I'm going to switch over to SSI's website and read more about this blow to Hikvision... (never to return)

This hearing did not talk about any discussion about national security threat US may face because of Chinese government ownership of Hikvision. The comment about 40% ownership made it sound like the security flaw is due to the fact that the company was owned by Chinese government.

Update: SIW did a post covering this: Congressional committee confronts effects of cyber crime on small businesses, key quote from Hikvision's Chuck Davis:

To put this in a broader context, finding vulnerabilities is not a reflection of the company’s commitment to security—fixing them is, which is why we worked with DHS throughout the process and issued the firmware update in March 2017—two months before the DHS issued its ICS-CERT. DHS acknowledged that the firmware update that has been readily available on our website since mid-March resolves the vulnerability.

That is a fascinating perspective since simply having a magic string backdoor raises grave concerns about the company's lack of commitment or competency in cybersecurity. Also, the reason Hikvision released the fix so soon was because we told Hikvision that IPVM was going to report on it immediately in March.

They fixed it because Solely because IPVM would report it? I think you’re overestimating your impact John.

If there is someone who influenced it, it is the source that found it and reported it, not the one reporting on the reported problem.

Jonathan, I said they "released the fix so soon" because of IPVM. That your counter to that is "They fixed it because Solely because IPVM" is intellectually incoherent.

Below is the email I sent to them on March 10 saying that we were publishing on Monday March 13th.

Sunday, March 12th, they emailed their dealers with the now clearly deceptive Hikvision 'Privilege-Escalating' Security Vulnerability notice.

I think you’re overestimating your impact John.

Actually, the opposite. Hikvision executives routinely blame IPVM for all of their public problems, literally. Various execs report this back to me. Hikvision has said similar to me. That noted, I disagree, the cause of their problems is mostly their factual Chinese government ownership and their poor historic approach to cybersecurity.

I was referring to your own statement above:

Also, the reason Hikvision released the fix so soon was because we told Hikvision that IPVM was going to report on it immediately in March.

 

I know what you were referring to Jonathan. That is exactly my point. I said it was the reason they "released the fix so soon", I never claimed, as you alleged, "They fixed it because Solely because IPVM".

Actually it is pretty apparent that IPVM has an impact on Hik. I have seen some of the posts where Hik refers to an online magazine. It is not hard to connect the dots.

 

 

Related: 

Though, in the last few months, Hikvision has reduced public attacks against IPVM but certainly not because they like us any better. I believe they realized that their attacks were actually helping us.

Read this IPVM report for free.

This article is part of IPVM's 6,541 reports, 882 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

US GSA Explains NDAA 889 Part B Blacklisting on Jul 31, 2020
With the 'Blacklist Clause' going into effect August 13 that bans the US...
HID Presents Mercury Security & Aero Access Controllers on Aug 25, 2020
HID presented Mercury Security & Aero Access Controllers at the 2020 IPVM...
Huawei HiSilicon Shortage Impacts Surveillance Manufacturers on Aug 14, 2020
Huawei acknowledged problems and challenges for its HiSilicon chip business,...
SenseB4 Presents Cloud Network Device Monitoring on Jun 09, 2020
SenseB4 presented its cybersecurity and network health monitoring products at...
Deep Sentinel Presents Crime Response For Business on Jun 11, 2020
Deep Sentinel presented its anti-intrusion and live response for home and...
Hikvision Put on US DoD "Communist Chinese Military Companies" List, Faces Risk of Presidential Sanctions on Jun 26, 2020
The US DoD has put Hikvision on a list of "Communist Chinese Military...
Verkada Disruptive Embedded Live Help on Sep 24, 2020
Call up your integrator? Have someone come by the next day? Verkada is...
China General Chamber of Commerce Calls Out US Politics on Sep 24, 2020
While US-China relations are at an all-time low, optimism about relations...
Startup Rhombus Presents Cloud Managed Physical Security on Sep 02, 2020
Rhombus Systems, a closed camera, analytics and cloud VMS alternative to...
Ban Rules Released: Use Dahua or Hikvision, No US Government Contracts on Jul 13, 2020
The US government has released the rules implementing the "Prohibition on...
Startup Cawamo Presents Live Alerts With Edge AI and Cloud VMS on Sep 15, 2020
Cawamo, an Israeli edge-to-cloud analytics and VMS startup, presented its...
Trueface Presents AI Face Recognition, Mask and Temperature Detection on Jun 10, 2020
Trueface presented its AI facial recognition, mask and temperature detection...
Defendry Presents AI Active Shooter Security System on Jul 14, 2020
Defendry presented its Active Shooter security system at the May 2020 IPVM...
Salesforce Drops Dahua and Hikvision on Aug 12, 2020
Salesforce has dropped Dahua and Hikvision as customers, forcing the two mega...
Anyvision Presents AI Facial Recognition and Mask Detection on Jun 08, 2020
AnyVision presented its AI facial recognition and mask detection at the May...

Recent Reports

New Products Show Fall 2020 continues tomorrow with Genetec, Milestone, Avigilon, Microsoft and more! on Sep 29, 2020
IPVM's sixth online show continues tomorrow and will feature New Products...
Avigilon / Motorola VS Virtual ISC West on Sep 29, 2020
ISC West has historically been so dominant that no player would think of...
Dartmouth College Deploys K3 Temperature Screening on Sep 29, 2020
While Dartmouth College has a $6+ billion endowment, the College has bought...
Hanwha AI Object Detection Tested on Sep 28, 2020
Hanwha has added detection and classification of people, cars, clothing...
Favorite Access Control Manufacturers 2020 on Sep 28, 2020
200+ Integrators told IPVM "What is your favorite access control management...
OnTech Smart Services Partners With Google and Amazon To Compete With Integrators on Sep 25, 2020
A pain point for many homeowners to use consumer security and surveillance is...
The Future of Metalens For Video Surveillance Cameras - MIT / UMass / Immervision on Sep 25, 2020
Panoramic cameras using 'fisheye' lens have become commonplace in video...
Hikvision Sues Over Brazilian Airport Loss on Sep 24, 2020
Hikvision was excluded from a Brazilian airport project because it is owned...
China General Chamber of Commerce Calls Out US Politics on Sep 24, 2020
While US-China relations are at an all-time low, optimism about relations...
Verkada Disruptive Embedded Live Help on Sep 24, 2020
Call up your integrator? Have someone come by the next day? Verkada is...
IP Networking Course Fall 2020 - Last Chance - Register Now on Sep 23, 2020
Today is the last chance to register for the only IP networking course...
Drain Wire For Access Control Reader Tutorial on Sep 23, 2020
An easy-to-miss cabling specification plays a key role in access control, yet...
Norway Council of Ethics Finds Hikvision Human Rights Abuses "Ongoing" on Sep 23, 2020
Hikvision's involvement in "serious human rights abuse" in Xinjiang is...
IPVM Camera Calculator User Manual / Guide on Sep 23, 2020
Learn how to use the IPVM Camera Calculator (updated for Version 3.1). The...